Wednesday, May 22

How G.M. Tricked Millions of Drivers Into Being Spied On (Including Me)

Automakers have been selling data about the driving behavior of millions of people to the insurance industry. In the case of General Motors, affected drivers weren’t informed, and the tracking led insurance companies to charge some of them more for premiums. I’m the reporter who broke the story. I recently discovered that I’m among the drivers who were spied on.

My husband and I bought a G.M.-manufactured 2023 Chevrolet Bolt in December. This month, my husband received his “consumer disclosure files” from LexisNexis Risk Solutions and Verisk, two data brokers that work with the insurance industry and that G.M. had been providing with data. (He requested the files after my article came out in March, heeding the advice I had given to readers.)

My husband’s LexisNexis report had a breakdown of the 203 trips we had taken in the car since January, including the distance, the start and end times, and how often we hard-braked or accelerated rapidly. The Verisk report, which dated back to mid-December and recounted 297 trips, had a high-level summary at the top: 1,890.89 miles driven; 4,251 driving minutes; 170 hard-brake events; 24 rapid accelerations, and, on a positive note, zero speeding events.

I had requested my own LexisNexis file while reporting, but it didn’t have driving data on it. Though both of our names are on the car’s title, the data from our Bolt accrued to my husband alone because the G.M. dealership listed him as the primary owner.

G.M.’s spokeswoman had told me that this data collection happened only to people who turned on OnStar, its connected services plan, and enrolled in Smart Driver, a gamified program that offers feedback and digital badges for good driving, either at the time of purchase or via their vehicle’s mobile app.

That wasn’t us — and I had checked to be sure. In mid-January, again while reporting, I had connected our car to the MyChevrolet app to see if we were enrolled in Smart Driver. The app said we weren’t, and thus we had no access to any information about how we drove.

But in April, when we found out our driving had been tracked, my husband signed into a browser-based version of his account page, on GM.com, which said our car was enrolled in “OnStar Smart Driver+.” G.M. says this discrepancy between the app and the website was the result of “a bug” that affected a “small population” of customers. That group got the worst possible version of Smart Driver: We couldn’t get insights into our driving, but insurance companies could.

Many G.M. owners have reached out with similar accounts since my article appeared. Jenn Archer of Illinois bought a Chevy Trailblazer in April 2022. She didn’t subscribe to OnStar and had never heard of Smart Driver, but last month discovered that LexisNexis had her driving data.

“I was furious,” she said. In the last two years, her insurance rate has increased by 50 percent.

In 10 federal lawsuits filed in the last month, drivers from across the country say they did not knowingly sign up for Smart Driver but recently learned that G.M. had provided their driving data to LexisNexis. According to one of the complaints, a Florida owner of a 2019 Cadillac CTS-V who drove it around a racetrack for events saw his insurance premium nearly double, an increase of more than $5,000 per year.

At no point had these drivers been explicitly informed that this would happen, not even in the fine print, they said. New reporting reveals the cause: a misleading screen that these people would have briefly seen when they bought their cars — if their salesperson showed it to them.

“G.M. established the Smart Driver program to promote safer driving for the benefit of customers who choose to participate,” said a company spokeswoman, Brandee Barker. “Based on customer feedback, we’ve decided to discontinue the Smart Driver product across all G.M. vehicles and unenroll all customers. This process will begin over the next few months.”

Last month, G.M. stopped sharing data with LexisNexis and Verisk — giving up annual revenue in the low millions, an employee familiar with the contracts said. The company also hired a new chief trust and privacy officer.

“Customer trust is a priority for us, and we are showing that in our actions,” Ms. Barker said.

According to G.M., our car was enrolled in Smart Driver when we bought it at a Chevrolet dealership in New York, during the flurry of document-signing that accompanies the purchase of a new vehicle. That this happened to me, the rare consumer who reads privacy policies and is constantly on the lookout for creepy data collection, demonstrates what little hope there was for the typical car buyer.

To find out how it happened, I called our dealership, a franchise of General Motors, and talked to the salesman who had sold us the car. He confirmed that he had enrolled us for OnStar, noting that his pay is docked if he fails to do so. He said that was a mandate from G.M., which sends the dealership a report card each month tracking the percentage of sign-ups.

G.M. doesn’t just want dealers selling cars; it wants them selling connected cars.

Our Bolt automatically came with eight years of Connected Access, a feature we didn’t know about until recently. It allows G.M. to send software updates to our car but also to collect data from it — actions consented to during OnStar enrollment.

Our salesman described the enrollment as a three-stage process that he does every day. He selects yes to enroll a customer in OnStar, then yes for the customer to receive text messages and then no to an insurance product that G.M. offers and that monitors how you drive your car. (This sounds similar to Smart Driver, but it is different.)

He does this so often, he said, that it has become automatic — yes, yes, no — and that he always chooses no for the last one because that monitoring would be a nuisance for customers.

Ms. Barker, the G.M. spokeswoman, said that dealers are not permitted to sign customers up and that the customer must be the one to accept the terms. At my request, she provided the series of screens that dealers are instructed to show customers during the enrollment for OnStar and Smart Driver. There is a message at the top of each screen: “The customer must personally review and accept (or decline) the terms below. This action is legally binding and cannot be done by dealer personnel.”

The flow of screens was almost exactly as my salesman described, except for the second one about receiving messages, which he said he always hits “yes” on. That screen wasn’t just about accepting messages from G.M.; it also opted us into OnStar Smart Driver.

It’s a screen that my husband and I do not recall seeing — presumably because our salesman filled it out for us as part of his standard procedure.

I drove to the dealership — in my Bolt, appropriately — to ask about this, and a more senior salesman said they always have the customers accept the terms themselves.

Maybe our salesman misspoke on the phone and my husband and I have forgotten a moment during our car purchase when we were asked to tap “yes” on this screen. I can’t say with certainty.

What I can say is that, regardless of who pushed the consent button, this screen about enrolling in notifications and Smart Driver doesn’t say anything about risk-profiling or insurance companies. It doesn’t even hint at the possibility that anyone but G.M. and the driver gets the data collected about how and where the vehicle is operated, which it says will be used to “improve your ownership experience” and help with “driving improvement.”

I showed the screen, used to enroll millions of people in Smart Driver, to a series of information design experts.

“What you showed me does not at all disclose clearly how G.M. or OnStar benefits from the use and sale of your info,” said Jen King, an information privacy expert at Stanford University. “Including it during the purchase process appears to be a conscious decision to get high conversion rates.”

Harry Brignull, author of “Deceptive Patterns: Exposing the Tricks Tech Companies Use to Control You,” said: “In these sorts of agreements, they need to be very clear about the true function of it. Otherwise, users won’t understand what it is they’re opting into.”

Ms. Barker said G.M.’s terms and privacy statement allowed the company to share information with “third parties” — legalese that people agree to on the first screen the salesman was instructed to show us. That wouldn’t seem, however, to meet G.M.’s own bar for such sensitive information.

A decade ago, G.M. and other major automakers made a commitment to the Federal Trade Commission to provide “clear, meaningful and prominent” notice about the collection of driver behavior information, including why it is collected and “the types of entities with which the information may be shared.”

Moreover, this innocuous-sounding data-collection program appears alongside a request to send important-seeming notifications about, among other things, “issues with your car’s key operating systems.” To get them, you have to accept the other.

Kate Aishton, a lawyer who advises companies on data and privacy practices, deemed the process poorly designed for obtaining actual user consent, particularly since it takes place in a high-pressure sales environment. She was sympathetic to salespeople who were given an incentive to sign G.M. customers up for this without realizing the consequences.

“Their job is to sell cars. It’s not to understand the details of privacy products,” she said. “Passing the buck on to that blind person, if there hasn’t been a really specific education on it, would be pretty unfair.”

A former G.M. employee who worked on the company’s data engineering team said he was not surprised that drivers did not understand what data was being collected from their cars and where it was going.

G.M., he said, gets data from all of its internet-connected cars. Some of that data collection benefits drivers, such as monitoring of vehicle health. For example, if a particular model has a transmission issue, he said, G.M. can see from vehicle data which specific cars are experiencing the problem and send their owners a targeted recall.

In recent years, he said, G.M. began analyzing other driving behavior besides speeding, braking and acceleration. An internal G.M. document from 2021, which was reviewed by The New York Times and which said more than eight million vehicles were “opted in” to Smart Driver at that time, described a new version of the program called “Smart Driver 2.0.” This version tracked hard cornering, forward collision alerts, lane-departure warnings and seatbelt reminders; these metrics were being used to price policies for drivers using G.M.’s own insurance plan, then called OnStar Insurance, but don’t seem to have been shared with LexisNexis and Verisk.

Still, these in-vehicle alerts, intended to help people drive more safely, became a measuring stick for how risky they were as drivers.

A new car, like mine, has hundreds of sensors, the former employee said, so even just a 15-minute trip creates millions of data points, including GPS location — all of which is broadcast in near real time to G.M. He expressed concerns about the insurance industry’s use of this data because it lacked context about the situation that might have led a driver to slam on the brakes or swerve out of a lane.

Asked how consumers can turn off G.M.’s digital access to their cars, a spokeswoman said customers could “disable all data collection” by contacting an OnStar adviser through the blue button in their vehicle or by calling the OnStar customer service line.

Some drivers have said on online forums that they don’t trust G.M. to stop remotely tracking their cars, and instead offer D.I.Y. advice for opening up the car’s electrical guts to remove the OnStar module.

Andrea Amico, founder of Privacy4Cars, a company that makes a tool to erase personal data from vehicle infotainment systems, said a line needed to be drawn between technical data from a vehicle — like that used to trigger recall notices — and personal data about drivers, such as how and where they drive, which should belong to them, not the automaker.

Beyond privacy issues, Mr. Amico pointed out that the driver behavior reports that LexisNexis and Verisk were creating were inaccurate — tracking my driving, for example, on my husband’s report.

“The fact that they cannot reconcile who gave consent and whose data it is,” he said, “is very problematic.”

Audio produced by Jack D’Isidoro.

Kitty Bennett and Jack Begg contributed research.